package atom.core3.security.help;

import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import atom.core0.exception.BizSysException;
import es.sing.util.CertificateUtils;
import es.sing.util.GeneraClaves;
import es.sing.util.X509Subject;

/**
 * 
 * <p>
 * Title:
 * </p>
 * <p>
 * Description:
 * </p>
 * <p>
 * Copyright: Copyright (c) 2003
 * </p>
 * <p>
 * Company:
 * </p>
 * 
 * @author unascribed
 * @version 1.0
 */
// JSSE+bouncycastle开发包＋jabacats.jar开发包
public class MakeCA
{

	private int duracion;
	private String signAlgorithm = null;
	private String algorithm = null;
	public MakeCA(String algorithm,String signAlgorithm,int duracion)
	{
		this.algorithm = algorithm;
		this.signAlgorithm = signAlgorithm;
		this.duracion = duracion;
	}

	public static void main(String[] args) throws BizSysException
	{
		MakeCA makeCA1 = new MakeCA("RSA","MD5WithRSA",365);
		//caIssue = "C=cn,ST=xinjiang,L=wulumuqi,O=sit,OU=soft,CN=sailing,EMAILADDRESS=sit@sit.com";// "C="+"CN"+",
		// ST="+"xinjiang"+",
		// L=
		// "+"wulumuqi"+",
		// O="+"sailing"+",
		// OU="+"soft"+",
		// CN="+"wangjn"
		// + ",
		// EmailAddress="+"wjn0567@sina.com";
		
		String caIssue = IssueInfo.getIssueInfo("ysepay", "ysepay", "organize", "sz", "gd", "cn", "ysepay@126.com");
		
		makeCA1.generCA("d:/","rootCA","ysepay",caIssue);
	}

	public void generCA(String path,String rootCAName,String password,String caIssue) throws BizSysException
	{
		if (algorithm==null || signAlgorithm==null)
			throw new BizSysException("请设置CA的算法");
		try
		{
			KeyPair parClavesCA = null;
			X509Certificate caCer = null;
			PrivateKey caPrivKey = null;
			PublicKey caPubKey = null;
			

			caIssue = X509Subject.decodeX509Subject(caIssue);
			// 改变系统安全算法(sun-------BouncyCastle)
			Security.addProvider(new BouncyCastleProvider());
			parClavesCA = GeneraClaves.generaParClaves(1024, algorithm);
			caPrivKey = parClavesCA.getPrivate(); // 产生CA私钥
			caPubKey = parClavesCA.getPublic(); // 产生CA公钥
			caCer = CertificateUtils.crearCertMaestro(caPubKey, caPrivKey, caIssue, duracion, signAlgorithm);

			//System.out.println("产生根证书！！！");
			FileOutputStream caCerOut = new FileOutputStream(path+rootCAName+".cer");//"d:/cacaCer.cer"
			caCerOut.write(caCer.getEncoded());
			caCerOut.close();
			// 初始化CA证书链
			Certificate[] caCadPfx = new Certificate[2];
			caCadPfx[1] = caCer;
			caCadPfx[0] = caCer;
			// 初始化内存密钥库P12格式
			KeyStore caStore = KeyStore.getInstance("PKCS12", "BC");
			caStore.load(null, null);
			caStore.setCertificateEntry("CA", caCer);
			caStore.setKeyEntry("CApriv", caPrivKey, null, caCadPfx);
			FileOutputStream caPfxOut = new FileOutputStream(path+rootCAName+".pfx");//"d:/caca.pfx"
			caStore.store(caPfxOut, password.toCharArray());
			caPfxOut.close();
		}
		catch (Exception ex)
		{
			ex.printStackTrace();
		}

	}
}

